How To Order


Up to PKI Utilities

This program is used to change the Pass-Phrase securing a Private-Key. The RSA or DSA Private-Key of a Public/Private Key-Pair is stored encrypted by a 256-bit AES key, generated from random data. This hiding key is, in turn, encrypted by a second 256-bit AES key which is generated from a Pass-Phrase, which the user inputs from the console. The first AES key, randomly generated, must be stored at the head of the file; this is why it is also encrypted. This scheme gives a two-level key hierarchy to the securing of the Private-Key.

This program allows the user to change this encryption by specifying a new Pass-Phrase. The new Pass-Phrase generates a new second-key, which is used to encrypt a brand new, randomly generated hiding-key. In addition, the user may specify the number of ``hashing iterations'' to use to ``entroprize'' the Pass-Phrase, a la RFC-2898. The default number is 5000. The minimum number is 1024.

This program can also change the Pass-Phrase for a ``Secret-Key,'' which is an AES key, encrypted by the Pass-Phrase generated second AES key. A Secret-Key is usually contained, however, within an RSKeyCertificate, which allows giving it a name, an owner, a purpose, etc. This is always true of the RSA and DSA Private-Keys.


This is a command-line utility.
Usage: keyPasswd [options] filename [-o newFilename]

Information Options:
  --help    | -h -> output this help message
  --version | -V -> version of the program and OS
  --verbose | -v -> Enable Verbose mode

Output Options:
  --output     | -o <pathname>  output filename for changed Certificate
                               (default is to append a version number
                                to the input filename)
  --error-file | -e <pathname>  output filename for errors

  --entroprize-iterations | -N <number> of Pass-Phrase Entroprizing loops

  --encrypt-exportably -> hide Private-Key with Exportable DES2


Price: $ 40

Export Restrictions

Because Encryption is restricted under U.S. Export Law, programs purchased to be used outside the United States must have encryption crippled. Because the security of the Private-Keys depends on using strong encryption, we just cannot sell it to non-US Customers at this time. Currently, only Customers within the United States may purchase this program. Sorry.

Download Packages

After you have purchased your License, you may go to the Download Page to copy the program package down to your computer. You must run the program package to extract the program and to activate it, using your License Number and Activation Code.

Proceed to the Download Page.


Copyright © 2005 HEPArts, Inc. All Rights Reserved.